Vulnerabilities

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities

The two chip giants have published over two dozen advisories describing recently identified security defects.

Chipmaker Patch Tuesday

Intel and AMD have released over two dozen advisories on May 2026 Patch Tuesday, addressing 70 vulnerabilities across their product portfolios.

Intel published 13 advisories describing 24 security defects, including one critical and eight high-severity flaws.

The critical bug, tracked as CVE-2026-20794 (CVSS score of 9.3), is described as a buffer overflow issue in the Data Center Graphics Driver for VMware ESXi software that could be exploited for privilege escalation and potentially for code execution.

Intel’s update for the product also resolves two high-severity out-of-bounds write and read weaknesses that could lead to denial-of-service (DoS) conditions and potentially to data corruption or disclosure.

The chip maker also addressed high-severity vulnerabilities in Vision software, Endpoint Management Assistant (EMA), UEFI firmware for the Slim Bootloader, and QuickAssist Technology (QAT) software drivers for Windows.

Successful exploitation of the flaws could lead to DoS conditions and privilege escalation, and potentially arbitrary code execution.

Advertisement. Scroll to continue reading.

The remaining security defects addressed by Intel on Tuesday are medium-severity bugs affecting AI Playground, Display Virtualization for Windows driver, 800 Series Ethernet Linux driver, NPU drivers, UEFI firmware, Server Firmware Update Utility, QAT drivers for Windows, and some Intel processors.

AMD published 15 advisories covering 45 vulnerabilities, including one critical-severity flaw and two dozen high-severity issues.

Tracked as CVE-2026-0481 (CVSS score of 9.2), the critical bug impacts the AMD Device Metrics Exporter (ROCm ecosystem), which exposes port 50061 on all network interfaces by default, allowing unauthenticated users to access the GPU-Agent gRPC(Google Remote Procedure call) server.

“Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability,” AMD explains.

The company has addressed high-severity weaknesses within Secure Processor (ASP), general-purpose input/output controller (GPIO), Revenera InstallShield, Ionic cloud driver for ESXi, RAID driver, chipset drivers, CPU operation cache on Zen 2‑based products, graphics and datacenter accelerator products, EPYC and EPYC Embedded processor platforms, and some optional software tools.

Successful exploitation of these issues could lead to privilege escalation, arbitrary code execution, and arbitrary read/write access to the victim VM/process data.

Related: ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA

Related: Microsoft Patches 137 Vulnerabilities

Related: Adobe Patches 52 Vulnerabilities in 10 Products

Related: SAP Patches Critical S/4HANA, Commerce Vulnerabilities

Related Content

Vulnerabilities

Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software.

Vulnerabilities

The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update.

Artificial Intelligence

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

Vulnerabilities

The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google.

Vulnerabilities

Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device's web management interface.

Artificial Intelligence

The "Rogue Agent" vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same...

Artificial Intelligence

Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication.

Vulnerabilities

Attackers are exploiting the critical Gitea vulnerability CVE-2026-20896 to bypass authentication with a single HTTP header and access vulnerable repositories and secrets.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version